On Fri, Sep 23, 2005 at 03:41:02PM +0530, Y Giridhar Appaji Nag wrote: > merge 329664 329667 > thanks > > On 05/09/22 17:27 +0200, Florian Weimer said ... > > Package: mozilla-thunderbird > > Version: 1.0.6-3 > > Severity: grave > > Tags: security > > > > The --compose option executes shell commands: > > > > mozilla-thunderbird --compose 'mailto:`df`' > > > > The df output appears in the To: line of the message. > > > > (This is related to the recently disclosed Firefox bug, which does not > > seem to affect Debian thanks to a different wrapper script.) >
Attached a start script that should fix this issue ... I need definitly feedback before I can push this to stable. Debians script is heavily modified compared to upstreams version so I cannot take their patch directly. Reverting our patches is no option either. Upstream script really works only for some cases. So, if please someone could confirm that all things they usually do still work with the script attached *and* most importantly, that this bug is gone, I would be happy to hear about it. Improved patches welcome. Thanks! - Alexander p.s. please take care that the bug is listed as To: or CC: when replying to this mail (e.g. /reply-all/). -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack | : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `- http://www.debian.org/
#!/bin/sh # # The contents of this file are subject to the Netscape Public License # Version 1.0 (the "NPL"); you may not use this file except in # compliance with the NPL. You may obtain a copy of the NPL at # http://www.mozilla.org/NPL/ # # Software distributed under the NPL is distributed on an "AS IS" basis, # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL # for the specific language governing rights and limitations under the # NPL. # # The Initial Developer of this code under the NPL is Netscape # Communications Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All Rights # Reserved. # ## $Id: mozilla.in,v 1.2.6.1 2004/07/24 23:58:06 bryner%brianryner.com Exp $ ## ## Usage: ## ## $ mozilla [args] ## ## This script is meant to run the mozilla-bin binary from either ## mozilla/xpfe/bootstrap or mozilla/dist/bin. ## ## The script will setup all the environment voodoo needed to make ## the mozilla-bin binary to work. ## moz_pis_startstop_scripts() { MOZ_USER_DIR=".mozilla-thunderbird" # MOZ_PIS_ is the name space for "Mozilla Plugable Init Scripts" # These variables and there meaning are specified in # mozilla/xpfe/bootstrap/init.d/README MOZ_PIS_API=2 MOZ_PIS_MOZBINDIR="${dist_bin}" MOZ_PIS_SESSION_PID="$$" MOZ_PIS_USER_DIR="${MOZ_USER_DIR}" export MOZ_PIS_API MOZ_PIS_MOZBINDIR MOZ_PIS_SESSION_PID MOZ_PIS_USER_DIR case "${1}" in "start") for curr_pis in "${dist_bin}/init.d"/S* "${HOME}/${MOZ_USER_DIR}/init.d"/S* ; do if [ -x "${curr_pis}" ] ; then case "${curr_pis}" in *.sh) . "${curr_pis}" ;; *) "${curr_pis}" "start" ;; esac fi done ;; "stop") for curr_pis in "${HOME}/${MOZ_USER_DIR}/init.d"/K* "${dist_bin}/init.d"/K* ; do if [ -x "${curr_pis}" ] ; then case "${curr_pis}" in *.sh) . "${curr_pis}" ;; *) "${curr_pis}" "stop" ;; esac fi done ;; *) echo 1>&2 "$0: Internal error in moz_pis_startstop_scripts." exit 1 ;; esac } #uncomment for debugging #set -x moz_libdir=/usr/lib/mozilla-thunderbird MRE_HOME=/usr/lib/mre/mre # Use run-mozilla.sh in the current dir if it exists # If not, then start resolving symlinks until we find run-mozilla.sh found=0 progname="$0" curdir=`dirname "$progname"` progbase=`basename "$progname"` run_moz="$curdir/run-mozilla.sh" if test -x "$run_moz"; then dist_bin="$curdir" found=1 else here=`/bin/pwd` while [ -h "$progname" ]; do bn=`basename "$progname"` cd `dirname "$progname"` progname=`/bin/ls -l "$bn" | sed -e 's/^.* -> //' ` if [ ! -x "$progname" ]; then break fi curdir=`dirname "$progname"` run_moz="$curdir/run-mozilla.sh" if [ -x "$run_moz" ]; then cd "$curdir" dist_bin=`pwd` found=1 break fi done cd "$here" fi if [ $found = 0 ]; then # Check default compile-time libdir if [ -x "$moz_libdir/run-mozilla.sh" ]; then dist_bin="$moz_libdir" run_moz="$moz_libdir/run-mozilla.sh" else echo "Cannot find mozilla runtime directory. Exiting." exit 1 fi fi script_args="" moreargs="" debugging=0 MOZILLA_BIN="${progbase}-bin" # The following is to check for a currently running instance. # This is taken almost verbatim from the Mozilla RPM package's launch script. MOZ_CLIENT_PROGRAM="$dist_bin/mozilla-thunderbird-xremote-client" check_running() { "${run_moz}" "$MOZ_CLIENT_PROGRAM" -a 'mozilla-thunderbird' 'ping()' 2>/dev/null >/dev/null RETURN_VAL=$? if [ $RETURN_VAL -eq 0 ]; then echo 1 return 1 else echo 0 return 0 fi } if [ "$OSTYPE" = "beos" ]; then mimeset -F "$MOZILLA_BIN" fi ALREADY_RUNNING=`check_running` ################################################################ Parse Arguments # If there's a command line argument but it doesn't begin with a - # it's probably a url. Try to send it to a running instance. _USE_EXIST=0 _NEW_WINDOW= _optOne="$1" case "${_optOne}" in -*) ;; *) _USE_EXIST=1 ;; esac _optOthers= _optLast= for i in "$@"; do _optLast="${i}" done #last arg for i in "$@"; do [ "$i" = "${_optLast}" ] && break _optOthers="${_optOthers} ${i}" done #others arg #???: needs check if othersopt begin with -* ? if [ `expr "${_optLast}" : '.*:/.*'` -eq 0 -a \( -f "${_optLast}" -o -d "${_optLast}" \) ]; then # Last argument seems to be a local file/directory # Check, if it is absolutely specified (ie. /home/foo/file vs. ./file) # If it is just "relatively" (./file) specified, make it absolutely [ `expr "${_optLast}" : '/.*'` -eq 0 ] && _optLast="file://`pwd`/${_optLast}" elif [ `expr "${_optLast}" : '.*:/.*'` -gt 0 -o -n "${_optOthers}" ]; then #???? like before... _NEW_WINDOW=1 fi ################################################################ Parse Arguments ########################################################################### Main if [ $ALREADY_RUNNING -eq 1 ]; then # There's an instance already running. Use it. # Any command line args passed in? if [ $# -gt 0 ]; then # There were "some" command line args. if [ ${_USE_EXIST} -eq 1 ]; then # We should use an existing instance, as _USE_EXIST=$_USE_EXIST=-1 _open_type="window" #_open_type="tab" _remote_cmd="openURL(${_optLast} , new-${_open_type})" "${run_moz}" "$MOZ_CLIENT_PROGRAM" -a 'mozilla-thunderbird' "${_remote_cmd}" unset _remote_cmd _open_type exit $? fi else # No command line args. Open new window/tab #exec "${run_moz}" "$MOZ_CLIENT_PROGRAM" -a 'mozilla-thunderbird' "xfeDoCommand(openBrowser)" "${run_moz}" "$MOZ_CLIENT_PROGRAM" -a 'mozilla-thunderbird' "xfeDoCommand(openInbox)" exit $? fi fi # Default action - no running instance or _USE_EXIST (${_USE_EXIST}) ! -eq 1 ########################################################################### Main while [ $# -gt 0 ] do case "$1" in -p | --pure | -pure) MOZILLA_BIN="${MOZILLA_BIN}.pure" shift ;; -g | --debug) script_args="$script_args -g" debugging=1 shift ;; -d | --debugger) script_args="$script_args -d $2" shift 2 ;; *) # Protect quotes and $ in command-line arguments from two shell evals moreargs="$moreargs $(echo "$1" | sed -e 's/"/\\\\\\\"/g' \ -e 's/[$]/\\\\\\\$/g')" shift 1 ;; esac done HOOKS=`find $dist_bin/startup-hooks.d/* 2>/dev/null` for i in $HOOKS; do $i done LOCALES_DIR=/var/lib/mozilla-thunderbird/locales.d/ MOZLOCALE="" LOCALES=$(cat $LOCALES_DIR/* | sed -e "s/#.*$//" | grep -v ^$) DEFAULT_LOCALE=$(cat $LOCALES_DIR/* | sed -e "s/#.*$//" | grep -v ^$| head -n 1) # try all locales to match exactly for locale in $LOCALES; do # break if already set lang=$(expr "$locale" : "\(.*\):.*") COUNTRY=$(expr "$locale" : ".*\:\(.*\)") SYSLOCALE="$lang""_$COUNTRY" MATCHED=$(expr "$LANG" : ".*\($SYSLOCALE\).*") #echo matched: $MATCHED if test "x$MATCHED" != "x"; then MOZLOCALE="$lang-$COUNTRY" export MOZLOCALE fi if test "x$MOZLOCALE" != "x"; then break; fi done # match locales only with LANGUAGE for locale in $LOCALES; do if test "x$MOZLOCALE" != "x"; then break fi lang=$(expr "$locale" : "\(.*\):.*") COUNTRY=$(expr "$locale" : ".*\:\(.*\)") SYSLOCALE="$lang""_$COUNTRY" MATCHED=$(expr "$LANG" : "\($lang.*\)") #echo matched2: $MATCHED if test "x$MATCHED" != "x"; then MOZLOCALE="$lang-$COUNTRY" export MOZLOCALE fi done # set absolut default locale if test "x$MATCHED" = "x"; then lang=$(expr "$DEFAULT_LOCALE" : "\(.*\):.*") COUNTRY=$(expr "$DEFAULT_LOCALE" : ".*\:\(.*\)") MOZLOCALE="$lang-$COUNTRY" export MOZLOCALE fi echo selected locale: $MOZLOCALE LOCALE_ARGS="-contentLocale $MOZLOCALE -UILocale $MOZLOCALE" if [ $ALREADY_RUNNING -eq 1 ]; then LOCK_FILE=lock; else LOCK_FILE=; fi MOZ_ARGS= donext= echo moreargs $moreargs eval "set -- '$moreargs'" for opt_in in "$@" do echo opt_in $opt_in if [ -z "$donext" ] then if [ "$opt_in" = "-contentLocale" ] then # let the command line eat the env determined value LOCALE_ARGS= next= donext= elif [ "$opt_in" = -UILocale ] then # let the command line eat the env determined value LOCALE_ARGS= next= donext= elif [ "$opt_in" = "-compose" ] then # if -compose and not remote (aka no lockfile) if [ ! -z "$LOCK_FILE" ] then next=compose donext=true else MOZ_ARGS="$MOZ_ARGS $opt_in" donext= fi else MOZ_ARGS="$MOZ_ARGS $opt_in" donext= fi else # here come the transforming commands if [ "$next" = "compose" ] then # cut off protocol mail_to="$(expr match "$opt_in" "mailto:\(.*\)")" MOZ_ARGS="\"mailto($mail_to)\"" eval "set -- $MOZ_ARGS" "${run_moz}" "$MOZ_CLIENT_PROGRAM" -a 'mozilla-thunderbird' "$@" exit $? fi donext= next= fi done if test -z "$MOZ_ARGS" && test -n "$LOCK_FILE"; then MOZ_ARGS="-remote xfeDoCommand(openInbox)" fi export MRE_HOME eval "set -- '$MOZ_ARGS'" ## Start addon scripts moz_pis_startstop_scripts "start" if [ $debugging = 1 ] then echo exec "$dist_bin/run-mozilla.sh" $script_args "$dist_bin/$MOZILLA_BIN" $LOCALE_ARGS "$@" fi exec "$dist_bin/run-mozilla.sh" $script_args "$dist_bin/$MOZILLA_BIN" $LOCALE_ARGS "$@" exitcode=$? ## Stop addon scripts moz_pis_startstop_scripts "stop" exit $exitcode # EOF.